US, China discuss deal to limit use of cyberweapons, says report

The countries are in talks to prohibit first strikes against critical infrastructure, according to The New York Times. The negotiations could lead to first-ever arms-control deal for cyberspace.

Edward Moyer Senior Editor

Edward Moyer is a senior editor at CNET and a many-year veteran of the writing and editing world. He enjoys taking sentences apart and putting them back together. He also likes making them from scratch. ¶ For nearly a quarter of a century, he's edited and written stories about various aspects of the technology world, from the US National Security Agency's controversial spying techniques to historic NASA space missions to 3D-printed works of fine art. Before that, he wrote about movies, musicians, artists and subcultures.

Credentials

Ed was a member of the CNET crew that won a National Magazine Award from the American Society of Magazine Editors for general excellence online. He's also edited pieces that've nabbed prizes from the Society of Professional Journalists and others.

See full bio

Edward Moyer

Sept. 19, 2015 3:06 p.m. PT

2 min read

Chinese President Xi Jinping and President Barack Obama. China and the US are reportedly in talks to prohibit first-strike cyberattacks. © Ju Peng/Xinhua Press/Corbis

Could cyberattacks one day be governed by treaties like those limiting the use of nuclear, chemical and biological weapons? The US and China are reportedly taking a first step in that direction.

The countries are discussing a mutual promise not to launch a first-strike attack with cyberweapons on the other country's critical infrastructure, such as power plants, hospitals and banks, The New York Times reported Saturday.

The talks are geared toward producing a deal that would be announced next week during China President Xi Jinping's state visit to the US, the Times said, citing unnamed officials involved in the negotiations.

Such an announcement might not mention an official rule barring attacks on critical systems, a Times source said. Rather, it could involve a general embrace of a United Nations code of conduct that spells out nonbinding "principles of responsible behavior" regarding the use of cyberweapons like malicious software.

Nonetheless, the UN guidelines single out attacks on critical infrastructure as the "most harmful," and the negotiations could evolve into the first-ever arms-control deal for cyberspace, the Times said.

The news comes amid increased tension between the US and China over hacking and cyberspying. In June, the FBI said it suspected Chinese hackers of an attack on the US government's personnel office that compromised the data of millions of current and former federal workers. And in August, officials with the Obama administration told The Washington Post that the US was developing a range of "unprecedented" economic sanctions against China over online espionage.

The deal under discussion wouldn't prohibit such spying, or the theft of intellectual property, but it would, the Times said, "be a first effort by the world's two biggest economic powers to prevent the most catastrophic use of cyberweapons."

It's not clear, though, how effective a cyberweapons treaty would be, the Times noted. Unlike a missile strike, a cyberattack can be tough to track, making deterrence and retaliation difficult.

"It could create some self-restraint," a Harvard professor who studies US power told the Times, but "how do you verify it, and what is its value if it can't be verified?"

The White House declined to comment on the Times report.